Method and system of cataloging and detecting network faults

ABSTRACT

A system ( 10 ) for cataloging and detecting network faults, includes a communication interface ( 12 ) for receiving a fault message from a network. A parser ( 14 ) is connected to the communication interface ( 12 ). The parser ( 14 ) parses the fault message for an event type. An associative database ( 16 ) is connected to the parser ( 14 ) and stores a tally for the fault message.

FIELD OF THE INVENTION

The present invention relates to network systems and more particularly to a method and system of cataloging and detecting network faults.

BACKGROUND OF THE INVENTION

In complex intelligent networks, network devices generate error messages. These error messages help technicians repair the network devices. However, additional insight can be gained by collecting all the network error messages at a central location. The error message includes event type information and target information. Event type information includes messages such as a certain action cannot be completed. Target type information includes various physical equipment, such as telephone numbers, circuits, equipment ID (identification) and equipment location.

Present systems only determine the number of errors for event types. When an event type has a high repeat appearance of counts, then the technician knows that further investigation is required. Unfortunately this requires the technician to manually separate the targets to determine which targets are the likely cause of the errors. This requires considerable effort and time.

Thus there exists a need for a method and system to catalog and detect network faults. The system should also be capable of tracking both event types and targets and automatically determine trouble spots.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a system for cataloging and detecting network faults in accordance with one embodiment of the invention;

FIG. 2 is a block diagram of a system for cataloging and detecting network faults in accordance with one embodiment of the invention;

FIG. 3 is a flow chart of the steps used in a method of cataloging and detecting network faults in accordance with one embodiment of the invention;

FIG. 4 is a flow chart of the steps used in a method of cataloging and detecting network faults in accordance with one embodiment of the invention; and

FIGS. 5 & 6 are a flow chart of the steps used in a method of cataloging and detecting network faults in accordance with one embodiment of the invention.

DETAILED DESCRIPTION OF THE DRAWINGS

A system for cataloging and detecting network faults, includes a communication interface for receiving a fault message from a network. A parser is connected to the communication interface. The parser parses the fault message for an event type. An associative database is connected to the parser and stores a tally for the fault message. In one embodiment the parser also parses for targets and all combinations of event type and target are tallied. The associative memory allows rapid lookup of any combination of event types and targets. The speed of the lookup is essentially independent of the total number of entries. This means the system does not suffer any performance degradation by tracking all the various permutations of targets and event types.

FIG. 1 is a block diagram of a system 10 for cataloging and detecting network faults in accordance with one embodiment of the invention. A communication interface 12 receives a fault message from a network. A parser 14 is connected to the communication interface 12. The parser 14 parses the fault message for an event type. An associative database 16 is connected to the parser 14 and stores a tally for the fault message.

FIG. 2 is a block diagram of a system 20 for cataloging and detecting network faults in accordance with one embodiment of the invention. A communication interface 22 receives a plurality of fault messages from a network. A parser 24 is connected to the communication interface 22. The parser 24 parses the plurality of fault messages for an event code, a target and a tally. The parser 24 determines a target type based on the event code. Note that an event code is the type of error that occurred. A target type is the type of equipment (physical asset) associated with the error and the target is a specific piece of equipment (physical asset). An association calculator (e.g., a hashing calculator) 26 is connected to the parser 24. The association calculator 26 determines a key based on the event code. The association calculator 26 determines an association for the key. An associative database 28 is connected to the parser 24. The associative database 28 stores the tally in a location pointed by the association. A filter 30 is connected to the associative database 28. The filter determines a tally threshold for an event code. An operator interface 32 is connected to the communication interface 22. The fault messages are automatically tallied for every permutation of event code, target type and target. This includes cumulative numbers for just the event code, just the target type and just the target. This allows the system to track all the information supplied by the fault messages without human intervention like the prior art systems. A tally threshold is set for every key (permutation of event code, target type and target). Note that the tally threshold can be an absolute number, a number of tallies in a given period, a moving average, etc. or any combination thereof. When a tally threshold is exceeded a network problem message is sent to the operator interface 32. The associative database allows the system to track very large numbers of keys without any database access time degradation. This in turn makes it practical to have a key for every permutation of event code, target type and target. This provides significantly more information about a problem type to the operations personnel responsible for fixing network errors.

FIG. 3 is a flow chart of the steps used in a method of cataloging and detecting network faults in accordance with one embodiment of the invention. The process starts, step 50, by receiving a fault message at step 52. The fault message is parsed to find an event code at step 54. A key is defined based on the event code at step 56. An association based on the key is determined at step 58. At step 60, a tally is stored at a database location determined by the association, which ends the process at step 62. In one embodiment, the fault message is parsed to find a target. Based on the target, a target type is determined. In one embodiment the event code and the target are concatenated to form the key. In another embodiment the event code and the target type are concatenated to form the key. In another embodiment, the event code, the target type and the target are concatenated to form the key.

In one embodiment a set of target types is determined based on the event code. A plurality of targets is found using the set of target types.

In one embodiment a threshold is set for a predetermined event type. A lookup on the predetermined event type is performed. Next it is determined if an event type tally exceeds the threshold. When the event type tally exceeds the threshold, a network problem message is sent to an operator's terminal.

In one embodiment a target type threshold is set for a predetermined target type. A lookup on the predetermined target type is performed. Next it is determined if the target type tally exceeds the target type threshold.

In one embodiment a target threshold for a predetermined target is set. A lookup on the predetermined target is performed. Next it is determined if a target tally exceeds the target threshold.

FIG. 4 is a flow chart of the steps used in a method of cataloging and detecting network faults in accordance with one embodiment of the invention. The process starts, step 80, by receiving a plurality of fault messages at step 82. The plurality of fault messages are parsed for a target to form a plurality of tallies associated with the plurality of targets at step 84. For each of the plurality of targets, a key is determined based on the target to form a plurality of keys at step 86. An association is calculated for each of the plurality of keys at step 88. At step 90, a subset of the plurality of tallies is stored in a location of an associative database pointed to by the association, which ends the process at step 92. In one embodiment, a target threshold is set for one of the plurality of targets. A lookup is performed in the associative database for a tally of the one of the plurality of targets. When the tally exceeds the target threshold, a network problem message is formed.

In one embodiment, the plurality of fault messages are parsed for an event code. A target type is determined for each of the plurality of targets. A key is formed based on a concatenation of the event code, the target type and the target.

FIGS. 5 & 6 are a flow chart of the steps used in a method of cataloging and detecting network faults in accordance with one embodiment of the invention. The process starts, step 100, by receiving a plurality of fault messages from a network at step 102. The plurality of fault messages are parsed for an event code and a target at step 104. A target type is determined for the target at step 106. A tally is formed for each instance of the event code, the target type and the target at step 108. A key is formed for each unique combination of the event code, the target type and the target at step 110. An association is calculated for the key at step 112. The tally is stored in a location of an associative database connected with the key at step 114. A threshold is set for a predetermined target type at step 116. A number of tallies for the predetermined target type is determined at step 118. When the number of tallies exceeds the threshold at step 120, a network problem message is sent to an operator which ends the process at step 122.

The methods described herein can be implemented as computer-readable instructions stored on a computer-readable storage medium that when executed by a computer will perform the methods described herein.

While the invention has been described in conjunction with specific embodiments thereof, it is evident that many alterations, modifications, and variations will be apparent to those skilled in the art in light of the foregoing description. Accordingly, it is intended to embrace all such alterations, modifications, and variations in the appended claims. 

1-24. (canceled)
 25. A method of cataloging and detecting network faults, comprising the steps of: (a) receiving a fault message; (b) parsing the fault message to find an event code; and (c) defining a key based on the event code.
 26. The method of claim 25 further including the steps of: (d) calculating a hash of the key to form an association; (e) storing a tally at a database location pointed to by the association.
 27. The method of claim 25, wherein step (b) further includes the step of parsing the fault message to find a target, the target is a specific piece of equipment.
 28. The method of claim 25, wherein step (c) further including the step of: (c1) concatenating the event code and a target to form the key.
 29. The method of claim 25, wherein step (c) further including the step of: (c1) concatenating the event code and a target type to form the key.
 30. The method of claim 26, further including the steps of: (f) setting a threshold for a predetermined event type; (g) performing a lookup on the predetermined event type; (h) determining if an event type tally exceeds the threshold.
 31. The method of claim 30, further including the step of when the event type tally exceed the threshold sending a network problem message to an operator's terminal.
 32. A system for cataloging and detecting network faults, comprising a communication interface for receiving a fault message from a network; a parser connected to the communication interface; and an associative database connected to the parser storing a tally for the fault message.
 33. The system of claim 32, wherein the parser, parses the fault message for an event type.
 34. The system of claim 32, wherein the associative database has hashing calculator that forms a key from the event type and determining an association based on the key.
 35. The system of claim 32, wherein the parser parses the fault message for a target.
 36. A method of cataloging and detecting network faults, comprising the steps of: (a) receiving a plurality of fault messages; (b) parsing the plurality of fault messages for a target to form a plurality of tallies associated with a plurality of targets; and (c) determining, for each of the plurality of targets, a key based on the target, to form a plurality of keys.
 37. The method of claim 36, further comprising the steps of: (d) calculating a hash of the plurality of keys to form an association for each of the plurality of keys; (e) storing a subset of the plurality of tallies in a location of an associative database pointed to by the association.
 38. The method of claim 36, further including the steps of: (f) setting a target threshold for one of the plurality of targets; (g) performing a lookup in the associative database for a tally of the one of the plurality of targets; (h) when the tally exceeds the target threshold, forming a network problem message.
 39. The method of claim 38, wherein the key is based on a concatenation of an event code, a target type and a target. 